simun Posted July 31, 2014 Share Posted July 31, 2014 (edited) Hi there, I was just looking at the PHP INSERT INTO example at the bottom of the tutorial page http://www.w3schools.com/sql/sql_injection.asp The code shown is:- 1> $stmt = $dbh->prepare("INSERT INTO Customers (CustomerName,Address,City) VALUES (:nam, :add, :cit)");2> $stmt->bindParam(':nam', $txtNam);3> $stmt->bindParam(':val', $txtAdd);4> $stmt->bindParam(':cit', $txtCit);5> $stmt->execute(); Would this not return an error due to the mismatch between :add and :val in lines 1 and 3? I'm not trying to find criticism, purely just trying to understand how to write safer code. Many Thanks to all those involved in putting together and running w3school. Edited July 31, 2014 by simun Link to comment Share on other sites More sharing options...
davej Posted July 31, 2014 Share Posted July 31, 2014 Yep, obvious editing typo. Link to comment Share on other sites More sharing options...
simun Posted August 1, 2014 Author Share Posted August 1, 2014 Thanks for replying Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now